Monday, 31 July 2023 11:48

Browser and App Pivots are part of the Problem, Seraphic looks to Address this with one Agent to Rule them All

Written by

Reading time is around minutes.

If you look at common attack vectors and especially Initial Access Broker attacks, there are a few parts of the attack chain which stand out. These are the pivot through some form of communication/collaboration app to the phishing landing page. These apps are also often part of insider threats where someone might use their own personal email, OneDrive, or other web/app-based app to exfiltrate information they want outside of an organization. Many companies are very exposed to this either through a lack of tools, skilled staff or being oblivious to the exposure.

The truly sad part about all of this is that there are many tools that exist to protect against this risk. If you are running a Microsoft shop, you have Azure DRM, Priva, Insider Threat Protection and other options. Well, these options are available if you are paying for the right licensing. What do you do if you are not able to swing $57 per user per month along with the staff to wade through the swampy mire that are Microsoft’s ever changing security tool pages? Conversely what do you do if you are not a Microsoft shop?

Browser Security company Seraphic says they have an answer for you. In a press release today, Ilan Yeshua, CEO and Co-founder at Seraphic offers the following for your consideration.
“Web browsers have been at the center of the digital workspace for years, but desktop apps for SaaS services have become increasingly important—and increasingly risky—to businesses”

“Collaboration and productivity apps offer new communication channels for employees and other third parties to get work done, but those same channels significantly increase the likelihood of data loss, especially since data can be shared between organizations or accessed from personal devices”

Both of these statements are very true and given recent flaws found in Microsoft Teams which allow an attacker to impersonate internal communications, they are in even shaper focus by many organizations. Still there is something there that might be overlooked, it is the common use of personal devices to access company data and resources. As I have said too many times to count, Personal Phones and Tablets represent the largest shadow IT and BYOD group in existence. Many companies do not even have a policy covering BYOD devices yet allow unfettered access to company data.

Seraphic is known for their enterprise browser protection which gives an organization the ability to protect the resources that users access through centrally controlled policies which are enforced across all browsers in any environment and “on any device”. The current list of “any device” is not complete, but it does allow for significant control over just about any browser on PC and Safari and Firefox on mobile devices, but they do have plans to extend this in the future. The controls allow an organization to include DLP policies, block the installation of browser plug-ins, but it also provides a layer between the active code (JavaScript) and the execution engine to reduce the likelihood of exploitation via this vector. The isolation of the browser can also prevent phishing and other browser based social engineering attacks along with many other browser-based pivots (XSS, Clickjacking etc.)

Before you say there are other tools to do this, I would mention that many of those tools are limited in their scope. For example, you can, through MS365, set up browser isolation, but that only works on Microsoft Edge. If someone is using Chrome, FireFox, etc. they are still open to attack as the Browser isolation and security policies are only applied to the Microsoft Controlled Edge. Other controls for browsers are much less secure inside the MS365 environment. Seraphic is not limited by the same constraints. When you combine this with the expansion into other collaboration apps on PC it narrows the attack window on these products. The use of this agent allows for better controls on both company owned and personal devices when it comes to browser based and collaboration-based attacks. In light of some of the pivots in Microsoft Teams this is certainly good news.

I hope to follow up with Seraphic Security while I am out at Black Hat 2023 and will be providing more insight into this new feature and also what the road map may look like when it comes to protecting that often-missed mobile BYOD attack vector.

Read 688 times Last modified on Monday, 31 July 2023 11:59

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.